From cb828200e15ffd900dfcfe95e9e2c88ce57dad67 Mon Sep 17 00:00:00 2001
From: Akhil Mohan
Date: Tue, 19 Mar 2024 13:56:21 +0000
Subject: [PATCH] fix(server): updated secret rotation to pick on db host in validation
---
 .../secret-rotation-queue/secret-rotation-queue-fn.ts | 3 ++-
 backend/src/lib/knex/connection.ts | 11 +++++++++++
 backend/src/lib/knex/index.ts | 1 +
 3 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 backend/src/lib/knex/connection.ts
diff --git a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue-fn.ts b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue-fn.ts
index c67477bfd9..5a2e478e16 100644
--- a/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue-fn.ts
+++ b/backend/src/ee/services/secret-rotation/secret-rotation-queue/secret-rotation-queue-fn.ts
@@ -9,6 +9,7 @@ import jmespath from "jmespath";
 import knex from "knex";
 import { getConfig } from "@app/lib/config/env";
+import { getDbConnectionHost } from "@app/lib/knex";
 import { alphaNumericNanoId } from "@app/lib/nanoid";
 import { TAssignOp, TDbProviderClients, TDirectAssignOp, THttpProviderFunction } from "../templates/types";
@@ -89,7 +90,7 @@ export const secretRotationDbFn = async ({
 const appCfg = getConfig();
 const ssl = ca ? { rejectUnauthorized: false, ca } : undefined;
- if (host === "localhost" || host === "127.0.0.1" || appCfg.DB_CONNECTION_URI.includes(host))
+ if (host === "localhost" || host === "127.0.0.1" || getDbConnectionHost(appCfg.DB_CONNECTION_URI) === host)
 throw new Error("Invalid db host");
 const db = knex({
diff --git a/backend/src/lib/knex/connection.ts b/backend/src/lib/knex/connection.ts
new file mode 100644
index 0000000000..993615a0b8
--- /dev/null
+++ b/backend/src/lib/knex/connection.ts
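Review bot: The rewritten host check in `secretRotationDbFn` (second hunk of secret-rotation-queue-fn.ts) fails open: `getDbConnectionHost` returns `null` when `DB_CONNECTION_URI` does not parse, and `null === host` is simply false, so the guard that keeps a rotation target away from the application's own database is skipped without any signal. Resolve the value once and reject when it is missing, e.g. `const appDbHost = getDbConnectionHost(appCfg.DB_CONNECTION_URI);` followed by `if (!appDbHost || host === "localhost" || host === "127.0.0.1" || host.toLowerCase() === appDbHost.toLowerCase())`. Exact string equality also covers only the literal spellings listed, so a differently written name or address for the same server would presumably still pass; resolving `host` and checking the resulting addresses would make this a firmer boundary. The function body starts and ends outside the hunk, so any later validation is not visible here.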
@@ -0,0 +1,11 @@
+import { URL } from "url"; // Import the URL class
+
+export const getDbConnectionHost = (urlString: string) => {
+ try {
+ const url = new URL(urlString);
+ // Split hostname and port (if provided)
+ return url.hostname.split(":")[0];
+ } catch (error) {
+ return null;
+ }
+};
diff --git a/backend/src/lib/knex/index.ts b/backend/src/lib/knex/index.ts
index 37fae624ef..d780208098 100644
--- a/backend/src/lib/knex/index.ts
+++ b/backend/src/lib/knex/index.ts
@@ -4,6 +4,7 @@ import { Tables } from "knex/types/tables";
 import { DatabaseError } from "../errors";
+export * from "./connection";
 export * from "./join";
 export * from "./select";
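Review bot: In `getDbConnectionHost` (backend/src/lib/knex/connection.ts), `url.hostname.split(":")[0]` mishandles IPv6 literals: `hostname` never carries the port, and for a bracketed host such as `[::1]` the split yields `[`, so the equality check in the rotation guard can never match that database host. Return the hostname itself in normalised form, `return url.hostname.toLowerCase();`, since the URL parser may not lowercase hosts for non-special schemes like a database URI (worth confirming against the Node version in use). Declaring the return type as `string | null` would force callers to handle the parse-failure case rather than comparing against `null` by accident. The trailing comment on the import line restates the code; a one-line TSDoc comment stating that `null` means "could not parse the connection string" would serve readers better.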